Community discussions

MUM Europe 2020
 
kirlein
just joined
Topic Author
Posts: 9
Joined: Thu Apr 27, 2006 8:37 am

hotspot with multipath route

Tue Jan 30, 2007 6:02 am

is it possible to set route for different user on hotspot ?

ex :
i have 2 backbone A and B
i create 3 user on my radius server and i wanna set routing for user X , Y to backbone A then user Z to backbone B

any clue to do that ?
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Tue Jan 30, 2007 12:43 pm

Here's what you could try to do

1) Set up two different hotspot user profiles (groups), see

http://www.mikrotik.com/testdocs/ros/2. ... 5974025974

and set the incoming-packet-mark differently for each profile, let's say you assign incoming-packet-mark hs_group_a and hs_group_b

2) Assign your hotspot users to either group (locally, or via Radius)

3) Define a mangle rule in the prerouting chain to set a routing-mark depending on the value of the incoming-packet-mark established in step 1), something like this
chain=prerouting packet-mark=hs_group_a action=mark-routing new-routing-mark=to_backbone_a passthrough=yes
4) Add two policy routes to your internet backbone links (uplinks) and make the policy depend on the routing marks established in step 3), see

http://www.mikrotik.com/testdocs/ros/2. ... 3836028583


--Tom
 
kirlein
just joined
Topic Author
Posts: 9
Joined: Thu Apr 27, 2006 8:37 am

Tue Jan 30, 2007 6:11 pm

and set the incoming-packet-mark differently for each profile, let's say you assign incoming-packet-mark hs_group_a and hs_group_b
howto set Attribute for specify profile for user ? i`m using Mikrotik-Group but it seem not worked :cry:
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Tue Jan 30, 2007 9:36 pm

Mikrotik-Group is indeed the correct Radius reply item to send back to the router with the Access-Accept message. The value of Mikrotik-Group should be the name of the profile and a profile with that name needs to already exist under /ip hotspot user profile on the router.

Check your user profiles under /ip hotspot user profile and enable debug output for Radius transactions on your Radius server and also on your MikroTik router.

--Tom
 
nicopretorius
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Nov 15, 2004 9:49 am

Re: hotspot with multipath route

Mon Oct 05, 2009 3:07 pm

I have the same requirements as detailed above, i.e. I have complementory hotspot users which i want to force via a proxy server and I have commercial hotspot users which I want to route via a diffferent path. I have followed the instructions above.

I have successfully added the users to the user group and a mangle rule is dynamically added to the the hotspot chain as per below:
[admin@AlwaysOnOffice] /ip firewall mangle> print chain=hotspot 
Flags: X - disabled, I - invalid, D - dynamic 
 0 D chain=hotspot action=mark-packet new-packet-mark=Advert_Mark passthrough=yes src-address=10.20.65.25 
My problem is that if I look at the counters the Bytes and Packets for this packet mark, it remain zero which means the packets are not being marked and I will not be able to policy route them.

What might be the problem why these packets are not being marked? The ROS version is 3.30.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: hotspot with multipath route

Mon Oct 05, 2009 4:58 pm

Try "chain=prerouting" and see if that helps.
 
nicopretorius
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Nov 15, 2004 9:49 am

Re: hotspot with multipath route

Mon Oct 05, 2009 6:48 pm

It is automatically put into the hotspot chain when the parameters are configured. There is no setting to select a particular chain.
 
User avatar
tgrand
Long time Member
Long time Member
Posts: 671
Joined: Mon Aug 21, 2006 2:57 am
Location: Winnipeg, Manitoba, Canada

Re: hotspot with multipath route

Tue Oct 06, 2009 3:17 pm

Just a suggestion, as I have never tryed this.

You should be able to specify the ip address for your users using user manager.
Even though it is a single subnet on the hotspot treat it like 2 subnets and asign the users to a secific subnet.
In the firewall rules you can mark-routing based upon subnet.
 
nicopretorius
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Nov 15, 2004 9:49 am

Re: hotspot with multipath route

Fri Oct 09, 2009 5:34 pm

I solved my problem. For my purposes I also needed the following jump and mark-routing rule in the pre-routing chain:
add action=jump chain=prerouting comment="" disabled=no hotspot=auth jump-target=hotspot src-address-list=""
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=advert_route packet-mark=Advert passthrough=no

Who is online

Users browsing this forum: No registered users and 34 guests